BUSINESS CONTINUITY. Audit Report No. ABC0109. March 31, 2009
|
|
- Jared Cooper
- 8 years ago
- Views:
Transcription
1 BUSINESS CONTINUITY Audit Report No. ABC0109 March 31, 2009 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report
2 AUDITOR S REPORT Business Continuity / Disaster Recovery / Contingency Emergency Plan Harris County, Texas Report March 31, 2009 Henry E. Webb, CFE or
3 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY March 31, 2009 Steven B. Schnee, Ph.D. Executive Director MHMRA of Harris County 7011 SW Freeway Houston, TX RE: (Report No. ABC0109) BACKGROUND In the event of a significant business interruption the Mental Health and Mental Retardation Authority of Harris County (MHMRA) has policies and procedures in place to help ensure a successful resumption and continuation of operations in the event of a disaster. The addresses a variety of disaster scenarios, including proper planning and alternate procedures in the event of business interruption. Key personnel have been assigned specific tasks and responsibilities in order to properly deal with Disaster Recovery and Business Continuity. The Agency s goal is to ensure the safety of staff, the security of data and the ability to provide quality services to their clients, in a manner consistent with established expectations regardless of the physical challenges MHMRA may face. MHMRA businesses depend heavily on technology and automated systems, and their disruption for even a few days could cause severe financial loss. The continued operations of the Agency depend on management s awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recover operations expediently and successfully. MHMRA s Disaster Recovery Plan is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The plan has been clearly documented and tested to ensure the continuity of operations and availability of critical resources in the event of a disaster. The primary objective of MHMRA s disaster recovery planning is to protect the organization in the event that all or part of its operations, programs, and/or computer services is rendered unusable. Preparedness has been the key. The planning process has minimized the disruption of operat ions to ensure a level of organizational stability and an orderly recovery after a disaster. The Agency s objectives of disaster recovery planning include: Providing a sense of security Minimizing risk of delays Guaranteeing the reliability of systems I
4 Providing a standard for testing the plan Minimizing decision-making during a disaster Organizational Preparedness 1. Obtain Top Management Commitment Top management has supported and been involved in the development of the disaster recovery planning process. Management has been responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the Agency. Adequate time and resources have been committed to the development of an effective plan. Resources included both financial considerations and the effort of all personnel involved. 2. Establish a Command Staff The planning committee was appointed to oversee the development and implementation of the plan. This committee included representatives from all functional areas of the organization. Key committee members included the Risk Manager, Quality Management, Nursing, and Information Technology personnel. The committee defined the scope of the plan. 3. Perform a Risk Assessment The planning committee prepared a risk analysis and business impact analysis that included a range of possible disasters, including natural, technical and human threats. Each functional area of the organization was analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process evaluated the safety of critical documents and vital records. Traditionally, fire has posed the greatest threat to the Agency as well as weather (due to location). Intentional human destruction, however, has also been considered. 4. Establish Priorities for Processing and Operations The critical needs of each department within the organization has been carefully evaluated in such areas as: Functional operations Key personnel Information Processing Systems Service Documentation Vital records Policies and procedures Processing and operations were analyzed to determine the maximum amount of time that the department and organization could operate without each critical system. Critical needs were defined as the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become inaccessible. 5. Determine Recovery Strategies The most practical alternatives for processing in case of a disaster were researched and evaluated. Some of the areas considered important aspects of the organization that were taken into consideration were: Facilities Hardware II
5 Software Communications Data files Client services User operations End-user systems Other processing operations Written agreements for specific needs have been prepared, including the following special considerations: Fuel Contracts Security procedures Notification of system changes Hours of operation Specific hardware and other equipment required for processing Personnel requirements Circumstances constituting an emergency 7. Organized and Documented a Written Plan Executive management, as well as the Board of Director s have reviewed and approved MHMRA s Disaster Recovery Plan. Each division within MHMRA of Harris County is also responsible for the development and implementation of a disaster response plan that addresses all components within the division. Each division/component must retain a disaster plan on site with a copy to the Disaster Coordinator. The probability of a disaster occurring within the Agency is highly uncertain. The disaster plan, however, is similar to liability insurance: it provides a certain level of comfort in knowing that if a major catastrophe occurs, it should not result in total financial disaster. Insurance alone is not adequate because it may not compensate for the incalculable loss of business during the interruption. One of the reoccurring themes heard during the audit from staff as to the importance of the Disaster and Emergency Response Plan that MHMRA of Harris County has put in place can be summarized below: Minimizing potential economic loss Decreasing potential exposures Reducing the probability of occurrence Reducing disruptions to operations Ensuring organizational stability Providing an orderly recovery Minimizing insurance premiums Reducing reliance on certain key individuals Protecting the assets of the organization Ensuring the safety of personnel and clients Minimizing decision-making during a disastrous event Minimizing legal liability OBJECTIVES The overall objectives of the audit were to determine whether the department: Managed and used resources in an efficient, effective, and economical manner Administered funds in compliance with applicable laws, regulations, policies, and procedures Implemented internal controls to prevent or detect material errors and irregularities III
6 The specific objectives in this audit were to: Determine if MHMRA policies and procedures (relating to the Center s Disaster and Emergency Response Plan), adequately assured compliance with federal, state, and local laws. Determine if systems of internal controls implemented were adequate to assure that the Agency does not suffer undue economic loss. Evaluate management controls over the administration of the Disaster and Emergency Response Plan SCOPE The scope of the work did not constitute an evaluation of the overall internal control structure of the unit. The examination was designed to evaluate and test compliance with established policy and procedures and to test the internal control over tested areas and material. The audit scope period was for the period ended February 28, Departmental management is responsible for establishing and maintaining a system of internal controls to adequately comply with approved policy and procedures. The objectives of an internal control system are to provide management with reasonable, but not absolute, assurance that assets are safeguarded against loss from unauthorized use or theft, and that transactions are executed in accordance with management s authorization and are properly recorded. Because of inherent limitations in any system of internal accounting control errors or irregularities may occur and not be detected in a timely manner. Also, projection of any evaluation of the system to future periods is subject to the risk that procedures may become inadequate because of changes in conditions, or that the degree of compliance with procedures may deteriorate. The purpose of the audit report is to furnish management independent, objective analyses, recommendations, and information concerning the activities reviewed. The audit report is a tool to help management discern and implement specific improvements. The audit report is not an appraisal or rating of management. Although due professional care in the performance was exercised, this should not be construed to mean that unreported noncompliance or irregularities do not exist. The deterrence of fraud is the responsibility of management. Audit procedures alone, even when carried out with professional care, do not guarantee that fraud will be detected. Specific areas for improvement were addressed in a Minor Issues Memo provided to Management during the Exit Conference. would like to thank management and staff for their cooperation throughout the audit. METHODOLOGY In order to meet the objectives, flowcharted and evaluated controls related to the administration of, as well as reviewed policies and procedures for compliance and completeness. The Center s Disaster and Emergency Response Plan was benchmarked against several Business Continuity Plans. Interviews were conducted with staff members from the following departments: Facilities, Accounting, Purchasing, Contracts, Quality Management, Information Technology, Nursing, Mental Health, Mental Retardation, Transportation, Comprehensive Psychiatric Emergency Program, and other Department personnel as needed. Additional audit tests and procedures were conducted as considered necessary. STATEMENT OF AUDITING STANDARDS The audit was conducted in accordance with generally accepted government auditing standards (GAGAS). Those standards require that plan and perform the audit to afford a reasonable basis for the judgments and conclusions regarding the organization, program, activity, or function under audit. An audit IV
7 also includes assessments of applicable internal controls and compliance with requirements of laws and regulations when necessary to satisfy the audit objectives. An audit also includes assessing the estimates, judgments, and decisions made by Agency management. It is believed that this audit provides a reasonable basis for the findings, conclusions, and recommendations. RESULTS As a result of the audit procedures and interviews conducted, it was determined that departmental compliance with established criteria to adequately administer the Center s Disaster and Emergency Response Plan generally meets Agency requirements. -S- Henry E. Webb CC: Rose Childs, MSW, CSWM, Deputy Director, Mental Health Division Kenneth Collins, LMSW, Deputy Director, Mental Retardation Division Barbara Dawson, MSE, Deputy Director, Comprehensive Psychiatric Emergency Program Division Daryl Knox, MD, Medical Director, Comprehensive Psychiatric Emergency Program Division Sarah Flick, MD, Medical Director, Mental Retardation Services Sylvia Muzquiz, MD, Medical Director, Mental Health Services Jeanne Mayo, MS, JD, General Counsel Alex Lim, MBA, CPA, Chief Financial Officer External Audit Firm Audit Committee: Tom Hamilton, Ph.D. (Chairman) Jane B. Cherry Paige M. Cokinos Charles O. Buckner. CPA Vicki S. Raynold, CPA Bob Borochoff V
8 ATTACHMENT A SUMMARY OF RECOMMENDATIONS March 31, 2009 Unit: Area: Procedural Inherent Risk: Low Control Environment: Well Controlled Overall Risk: Low Moderate Acceptable Moderate High Poorly Controlled High Type of Procedures: Audit Scope: * Using Internal Control Evaluation (ICEs) forms, documented internal controls * Conducted a preliminary survey reviewing applicable policies and procedures, etc. * Interviewed various staff, obtained understanding of management controls * Examined detailed receipts, vouchers, and supporting documentation Priority Rating: Audit Recommendations: Follow-up: As Risk Assessment Warrants Priority Rating 1. Implement immediately (30-90 days) - Serious internal control deficiencies or recommendations to reduce cost, maximize revenues, or improve internal controls that can be easily implemented. 2. Work towards implementing (6-18 months) - Less serious internal control deficiencies or recommendations that can not be implemented immediately because of constraints imposed on the unit (i.e., budgetary, technological constraints). 3. Implement in the future (2-3 years) - Recommendations that should be implemented but that can not be implemented until significant and/or uncontrolled events occur (i.e. legislative changes, buy and install major systems, requires third party cooperation).
Investing in Texas - A Review of Audit Reports For Executive Staff and Board Members
EXPENSE AND CREDIT CARD USE FOR EXECUTIVE STAFF AND BOARD MEMBERS Audit Report No. EXE0109 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Expense and Credit Card Use
More informationEMPLOYEE TRAVEL AND TRAVEL RELATED EXPENSES. Audit Report No. TRE0110. December 11, 2009
EMPLOYEE TRAVEL AND TRAVEL RELATED EXPENSES Audit Report No. TRE0110 December 11, 2009 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Employee Travel And Travel Related
More informationSample Audit of a Maintenance Program
FACILITIES/MAINTENANCE DEPARTMENT Audit Report No. FM0110 June 11, 2010 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Harris County, Texas Report June 11, 2010 Henry
More informationORGANIZATIONAL DEVELOPMENT AND HUMAN RESOURCES PETTY CASH AUDIT UNIT #1108 SPECIAL REQUEST. Audit Report No. ODHR0107.
ORGANIZATIONAL DEVELOPMENT AND HUMAN RESOURCES PETTY CASH AUDIT UNIT #1108 SPECIAL REQUEST Audit Report No. ODHR0107 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Internal Audit Report AUDITOR
More informationFLEET MANAGEMENT FOLLOW-UP. Audit Report No. FM020910. December 21, 2009
FLEET MANAGEMENT FOLLOW-UP Audit Report No. FM020910 December 21, 2009 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Fleet Management Follow-up Harris County, Texas
More informationACCOUNTS PAYABLE VENDOR PAYMENT. Audit Report No. AP0110. November 06, 2009
ACCOUNTS PAYABLE VENDOR PAYMENT Audit Report No. AP0110 November 06, 2009 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Harris County, Texas Report November 06, 2009
More informationGRANTS ADMINISTRATION. Audit Report No. AGM0110. May 11, 2010
GRANTS ADMINISTRATION Audit Report No. AGM0110 May 11, 2010 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Harris County, Texas Report May 11, 2010 Henry E. Webb, CFE
More informationACCOUNTS PAYABLE VENDOR PAYMENT Follow-up. Audit Report No. AP0210. July 02, 2010
ACCOUNTS PAYABLE VENDOR PAYMENT Follow-up Audit Report No. AP0210 July 02, 2010 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Accounts Payable Vendor Payment Follow-up
More informationFIXED ASSETS AND INVENTORY CONTROL. Audit Report No. FAINV0111. February 3, 2011 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY
FIXED ASSETS AND INVENTORY CONTROL Audit Report No. FAINV0111 February 3, 2011 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Department AUDITOR S RERT Fixed Assets and Inventory Control Harris
More informationFIXED ASSETS/INVENTORY CONTROL. Audit Report No. FA0109. July 30, 2009
FIXED ASSETS/INVENTORY CONTROL Audit Report No. FA0109 July 30, 2009 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Harris County, Texas Report July 30, 2009 Henry
More informationFLEET MANAGEMENT. Audit Report No. FM0109. December 22, 2008
FLEET MANAGEMENT Audit Report No. FM0109 December 22, 2008 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Fleet Management Harris County, Texas Report December 22,
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationFIXED ASSETS/INVENTORY CONTROL. Audit Report No. FA0206. September 8, 2006
FIXED ASSETS/INVENTORY CONTROL Audit Report No. FA0206 September 8, 2006 MENTAL HEALTH MENTAL RETARDATION AUTHORITY OF HARRIS COUNTY Report AUDITOR S REPORT Harris County, Texas Report September 8, 2006
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationBusiness Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com
Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:
More informationMaryland Transportation Authority
Audit Report Maryland Transportation Authority March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationDepartment of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006
Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationInformation Technology Internal Audit Report
Information Technology Internal Audit Report Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing
More informationOregon Employment Department: Computer Programs for Unemployment Tax Returns and Claims Need Attention
Secretary of State Audit Report Jeanne P. Atkins, Secretary of State Gary Blackmer, Director, Audits Division Oregon Employment Department: Computer Programs for Unemployment Tax Returns and Claims Need
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationDepartment of Labor, Licensing and Regulation Division of Unemployment Insurance
Audit Report Department of Labor, Licensing and Regulation Division of Unemployment Insurance February 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This
More informationGuideline on risk management and other aspects of internal control in central securities depository
until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationFINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001
FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems
More informationMaryland Health Insurance Plan
Audit Report Maryland Health Insurance Plan April 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationLegislative Audit Division State of Montana. Criminal Justice Information Network (CJIN)
Legislative Audit Division State of Montana November 2004 Report to the Legislature Information System Audit Criminal Justice Information Network (CJIN) Department of Justice This report contains the results
More informationGuidelines 1 on Information Technology Security
Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical
More informationMaryland Department of Aging
Audit Report Maryland Department of Aging March 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationReview of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013
Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included
More informationSubsequent Injury Fund
Audit Report Subsequent Injury Fund September 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationComptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division
Audit Report Comptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division July 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any
More informationInternal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation
Department NeighborWorks America Audit Review of the Business Continuity Plan (BCP) and Documentation Project Number: ADMN.BCP.2013 Audit Review of of BCP Table of Contents Project Completion Letter...
More informationThe University of Texas at Tyler. Audit of Compliance with Texas Administrative Code 202
Audit of Compliance with Texas Administrative Code 202 August 2015 OFFICE OF AUDIT AND CONSULTING SERVICES 3900 UNIVERSITY BOULEVARD TYLER, TEXAS 75799 BACKGROUND Texas Administrative Code (TAC) Title
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Emergency Preparedness at Internal Revenue Service Facilities Needs to Be Improved September 17, 2008 Reference Number: 2008-10-148 This report has cleared
More informationDepartment of Consumer Affairs Cash Disbursements by Agency Checks
Internal Control Audit of the Department of Consumer Affairs Cash Disbursements by Agency Checks January 2008 Audit No. 2007-102 Internal Audit Office TABLE OF CONTENTS Report Summary Auditor s Report
More informationHow To Check If Nasa Can Protect Itself From Hackers
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
More informationOFFICE OF THE CITY CONTROLLER
OFFICE OF THE CITY CONTROLLER HOUSTON POLICE DEPARTMENT Annise D. Parker, City Controller Steve Schoonover, City Auditor Report No. 05-33 April 3, 2006 The Honorable Bill White, Mayor City of Houston,
More informationTABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7
PART 2006 - MANAGEMENT Subpart Z - Information Systems Security TABLE OF CONTENTS Sec. 2006.1251 Purpose. 2006.1252 Policy. 2006.1253 Definitions. 2006.1254 Authority. (a) National. (b) Departmental. 2006.1255
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationEMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS
EMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2014 Auditor of Public Accounts Martha S. Mavredes, CPA www.apa.virginia.gov
More informationAPPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1
APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1 The CAMEL rating system is based upon an evaluation of five critical elements of a credit union's operations: Capital Adequacy, Asset Quality, Management,
More informationMissouri Student Information System Data Governance
Nicole R. Galloway, CPA Missouri State Auditor ELEMENTARY AND SECONDARY EDUCATION Missouri Student Information System Data Governance October 2015 http://auditor.mo.gov Report No. 2015-093 Nicole R. Galloway,
More informationOFFICE OF THE STATE AUDITOR TWO COMMODORE PLAZA 206 EAST NINTH STREET, SUITE 1900 LAWRENCE F. ALWIN, CPA
OFFICE OF THE STATE AUDITOR TWO COMMODORE PLAZA 206 EAST NINTH STREET, SUITE 1900 LAWRENCE F. ALWIN, CPA AUSTIN, TEXAS 78701 State Auditor July 22, 1998 RE: A Review of General Automation Controls at Selected
More informationDepartment of Public Utilities Customer Information System (BANNER)
REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationIT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS. Audit Report 11-30 August 12, 2011
IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS Audit Report 11-30 August 12, 2011 Members, Committee on Audit Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven
More informationMobile Deposit Policy
Mobile Deposit Policy Mobile Deposit, a deposit transaction delivery system, allows the Credit Union to receive digital information from deposit documents captured at remote locations (i.e., the Credit
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationWHERE IS THE DEPARTMENT RIGHT NOW?
STATEMENT OF PATRICIA A. DALTON DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF LABOR BEFORE THE SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS EDUCATION AND THE WORKFORCE COMMITTEE U.S. HOUSE OF REPRESENTATIVES
More informationGuideline on risk management and other aspects of internal control in stock exchange
until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial
More informationU.S. Department of the Interior Office of Inspector General AUDIT REPORT
U.S. Department of the Interior Office of Inspector General AUDIT REPORT GENERAL CONTROL ENVIRONMENT OF THE FEDERAL FINANCIAL SYSTEM AT THE RESTON GENERAL PURPOSE COMPUTER CENTER, U.S. GEOLOGICAL SURVEY
More informationDepartment of Health and Mental Hygiene Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationSAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationINTERNAL AUDIT CHARTER AND TERMS OF REFERENCE
INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationAdvisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management
Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management
More informationRESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT
RESERVE BANK OF VANUATU DOMESTIC BANK PRUDENTIAL GUIDELINE NO 12 OPERATIONAL RISK MANAGEMENT 1. This Guideline outlines a set of principles that provide a framework for the effective management of operational
More informationDepartment of Health and Mental Hygiene Regulatory Services
Audit Report Department of Health and Mental Hygiene Regulatory Services November 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationVIRGINIA WORKERS COMPENSATION COMMISSION REPORT ON AUDIT FOR THE YEARS ENDED JUNE 30, 2006 AND JUNE 30, 2007
VIRGINIA WORKERS COMPENSATION COMMISSION REPORT ON AUDIT FOR THE YEARS ENDED JUNE 30, 2006 AND JUNE 30, 2007 AUDIT SUMMARY Our audit of the Virginia Workers Compensation Commission found: proper recording
More informationREPORT NO. 2014-022 OCTOBER 2013 SEMINOLE STATE COLLEGE OF FLORIDA. Operational Audit
REPORT NO. 2014-022 OCTOBER 2013 SEMINOLE STATE COLLEGE OF FLORIDA Operational Audit BOARD OF TRUSTEES AND PRESIDENT Members of the Board of Trustees and President who served during the 2012-13 fiscal
More informationOFFICE OF THE CITY CONTROLLER
OFFICE OF THE CITY CONTROLLER PUBLIC WORKS AND ENGINEERING DEPARTMENT CELL PHONE CHARGE REIMBURSEMENTS AUDIT Annise D. Parker, City Controller Steve Schoonover, City Auditor Report No. 05-34 April 3, 2006
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More information10-13 MEMORIAL HEALTH SYSTEM IT BACKUP PROCESS PUBLIC REPORT CITY OF COLORADO SPRINGS OFFICE OF THE CITY AUDITOR JULY 22, 2010
CITY OF COLORADO SPRINGS OFFICE OF THE CITY AUDITOR 10-13 MEMORIAL HEALTH SYSTEM IT BACKUP PROCESS PUBLIC REPORT JULY 22, 2010 Denny Nester, MBA CPA CIA CGFM CFE CGAP Interim City Auditor Jacqueline Rowland,
More informationAberdeen City Council IT Disaster Recovery
Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationQUALITY MANAGEMENT SYSTEM MANUAL
The online version of this document is controlled. Therefore, all printed versions of this document are unofficial copies. QUALITY MANAGEMENT SYSTEM MANUAL 6901 Charles Street Towson, Maryland 21204 Manual
More informationReport Number: AP-FS-97-02 ADP and Technical Support Division Date of Issue: June 6, 1997 Washington, D.C. 20585
U.S. DEPARTMENT OF ENERGY OFFICE OF INSPECTOR GENERAL AUDIT OF DEPARTMENTAL INTEGRATED STANDARDIZED CORE ACCOUNTING SYSTEM (DISCAS) OPERATIONS AT SELECTED FIELD SITES The Office of Inspector General wants
More informationUniversity System of Maryland University of Maryland Biotechnology Institute
Audit Report University System of Maryland University of Maryland Biotechnology Institute August 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationOffice of Security Management (213) 974-7926
PREPARED BY OCCUPATIONAL HEALTH PROGRAMS CHIEF EXECUTIVE OFFICE RISK MANAGEMENT BRANCH October 2007 Section Page STATEMENT OF PURPOSE...3 Psychiatric Emergencies AUTHORITY & CIVIL SERVICE RULES... 4 Application
More informationLarry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program
DATE: TO: FROM: SUBJECT: Larry Laine, Deputy Land Commissioner and Chief Clerk Tracey Hall, Deputy Commissioner of Internal Audit Annual Report on the Internal Audit The following report is presented in
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationDisaster Recovery Plan for Center Moriches School District Information Technology Operations
1900 Disaster Recovery Plan for Center Moriches School District Information Technology Operations I. Plan Overview II. Plan Approval III. Disaster Declaration IV. Plan Activation V. Plan Overview, Objectives
More informationIT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010
IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationApril 2005 Report No. 05-031
A Review of Construction Project Management at the Texas Building and Procurement Commission Report No. 05-031 John Keel, CPA State Auditor A Review of Construction Project Management at the Texas Building
More informationOUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008
OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 BANK OF TANZANIA PART I PRELIMINARY 1 These guidelines may be cited as the Outsourcing Guidelines for Banks and Financial Institutions,
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF THE ENTERPRISE DATA WAREHOUSE DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET August 2014 Doug A. Ringler, C.P.A., C.I.A. AUDITOR
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationAn Overview of Professional Directors and Officers Liability in Disaster Preparedness and Recovery Planning
An Overview of Professional Directors and Officers Liability in Disaster Preparedness and Recovery Planning Eric Martin Scott Southern University Law Center Preparation for disasters involves a variety
More informationStudent Assessment Administrative Review Phase 1
Internal Audit Student Assessment Administrative Review Phase 1 Issue Date: March 2015 Report Number: FY2015-02 Executive Summary AUDIT OF: Student Assessment DATE: Fieldwork performed January 2015 February
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division March 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationMedical Mutual Liability Insurance Society of Maryland
Audit Report Medical Mutual Liability Insurance Society of Maryland February 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationBusiness Continuity Management Review
Office of Internal Audit Business Continuity Management Review November 14, 2014 Internal Audit Team Shannon Henry Chief Audit Officer & Executive Director of Institutional Compliance Stacy Sneed Audit
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationClinic Business Continuity Plan Guidelines
Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator
More informationVital Statistics audit of the Birth and Death Certificate Imaging System
OFFICE OF THE CITY AUDITOR AUDIT OF THE VITAL STATISTICS BIRTH AND DEATH CERTIFICATE IMAGING SYSTEM Paul T. Garner Assistant City Auditor Prepared by: Tony Aguilar, CISA Sr. IT Auditor Bill Steer, CPA,
More informationAudit Report. University Medical Center HIPAA Compliance. June 2013. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT
Audit Report AUDIT DEPARTMENT University Medical Center HIPAA Compliance June 2013 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial
More information,"ENT 0..- ~ -1-0. Q c. ;:* *1 ~ J U.S. DEPARTMENTOF HOUSINGAND URBAN DEVELOPMENT THEDEPUTYSECRETARY WASHINGTON, DC 20410-0050.
,"ENT 0..- ~ -1-0 Q c. ;:* *1 ~ J c.~.
More informationAudit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member
City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL ...The auditor general shall conduct post audits of financial transactions and accounts of the state and of
More informationLOCAL GOVERNMENT MANAGEMENT ASSESSMENT OVERVIEW AND QUESTIONNAIRE
LOCAL GOVERNMENT MANAGEMENT ASSESSMENT OVERVIEW AND QUESTIONNAIRE The Comptroller s Economic Development and Analysis (EDA) Division provides education and direct assistance to local governments, helping
More informationConsolidated Environmental Data Access and Retrieval System: Verification of Data Accuracy and Integrity
A Report to the Montana Legisl ature I nform ation Systems Audit Consolidated Environmental Data Access and Retrieval System: Verification of Data Accuracy and Integrity Department of Environmental Quality
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More information